September 29, 2013    /    by

Governors Release Compelling Cyber Roadmap for States

The NGA released a new compelling strategy paper called Act and Adjust: A Call to Action for Governors for Cybersecurity.

NGA Meeting in Washington

National Governors Association (NGA) Cybersecurity Meeting on Capitol Hill   (Left to right: Michigan Governor Rick Snyder, NGA Executive Director Dan Crippen and Major General William N. Reddell III)


For many years, government technology professionals around the USA have been urging more resources and more action regarding cybersecurity. Over the past decade, there were increasing numbers of alarming global reports, scary surveys, offsite meetings, white papers on technology risks, small cyber summits, large security conferences and much more.

Groups like the National Association of State Chief Information Officers (NASCIO) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have consistently championed workgroups and studies to increase the focus on the growing cyberthreats faced by state and local governments. And yet, government leaders have, for the most part, struggled to mount a successful strategy to defend against the growing number of cyberattacks coming from around the globe.

Put simply, we have been outgunned on cyber.

Is the tide turning in 2013?

Perhaps the tide is now turning – with the National Governors Association (NGA) making cybersecurity a top bipartisan priority. Last year, the NGA launched the Resource Center on Cybersecurity. Michigan Gov. Snyder and Maryland Gov. Martin O’Malley have led NGA’s Resource Center for State Cybersecurity since October 2012. This year, they have examined the role of state policy in ensuring adequate cybersecurity for state-owned and state-based infrastructure, including data and communication systems, banking and financial records, water systems and the electrical grid.

 During the NGA Mid-year meeting back in February 2013, CSPAN broadcast these hearings on States and Cybersecurity.

 New Call to Action on Cybersecurity

And now, in an event held this week at the US Capitol in Washington, the NGA released a new compelling strategy paper called Act and Adjust: A Call to Action for Governors for Cybersecurity.

This paper provides strategic recommendations governors can immediately adopt to improve their state’s cybersecurity posture. The report builds on the advice of national experts and practitioners from both the public and private sectors and recommends that states:

 - Establish a governance and authority structure for cybersecurity;

 - Conduct risk assessments and allocate resources accordingly;

 - Implement continuous vulnerability threat monitoring practices;

 - Ensure compliance with current security methodologies and business disciplines; and

 - Create a culture of risk awareness.

Coverage of the events this week included this article from the Pew Charitable Trust. Here’s an excerpt:

“As governors, we are directly responsible for ensuring the security of a wide array of state-owned assets and personally identifiable information such as tax records, driver’s licenses and birth records,” Snyder said in a statement. “We also play a critical role in ensuring that private-sector assets within our states are secure,” the former president of Gateway computers said.

Also, the Detroit News reported this:

Cyber attacks on the state of Michigan’s computer systems have increased to about 500,000 a day, he said. A recent example of a sophisticated phishing scam to 2,800 state employees said their email has exceeded their storage limit and directed them to a link to validate their mailbox. The scam resulted in 155 people clicking the link and 144 people providing personal information to the hackers, Snyder said.

“This shows you can’t take anything for granted,” said Snyder, noting the phishing scam was shut down within a hour and didn’t cause real damage.

What’s Next?

Many industry experts still believe that the country won’t “wake-up” to the importance of cybersecurity protections until a crippling “Cyber 9/11” or a “Cyber Pearl Harbor” type of event occurs. No doubt, many government and private sector leaders continue to give lip service to this topic, while quietly doing little.

However, I continue to be an optimist. I see our cyber efforts gaining more traction and getting the attention of senior government business leaders across the nation. With leaders like Governor Snyder and Governor O’Malley making the case, I see new progress. When you hear them speak on cyber topics affecting business, governments and families, the need for compelling action comes alive. More important, a forward path becomes clearer.

Now we have a bipartisan roadmap for governors. While this is only one small step, we are making progress on cyber in many state governments. When combined with President Obama’s actions on cybersecurity, the momentum going into 2014 is encouraging.

No doubt, much more needs to be done. We are still far behind the bad guys. Cyberspace has no borders, and the recent Edward Snowden incidents with the National Security Agency (NSA) have not helped.

Which brings this entire subject back to a personal level. Can you help implement the cyber-protections offered in this new roadmap in your state? America certainly needs more cyber ambassadors for good.

What are your thoughts on this NGA Call to Action?